The Rise of Retail Breaches

When the Target breach was first announced, I told anyone who would listen a) that this was unusual only in its scope, not in the fact that a store suffered a breach, and b) to expect this story to be the tip of the iceberg. People who understood security agreed (one of my friends even told me that he stopped using a debit card because of my warnings), but too many of my business-owning acquaintances brushed it off, saying that Target was huge and that’s why it was breached.

Well, you have to be living under a rock to not notice that retail breaches are happening with alarming frequency, they are happening to retail businesses both large and small, and they are happening for different reasons. For example, the recently announced Goodwill breach is thought to be caused by a third-party vendor. Other retail breaches were due to a Trojan called Backoff, which has been around for about a year. As explained by SmallBusinessComputing.com:

Backoff, and its variants, sits stealthily on Microsoft point-of-sale (POS) systems, acting essentially as both a credit card skimmer and key logger, then periodically transmits its haul to data thieves.

In that article, Andrew Bagrin, founder and CEO of My Digital Shield, pointed out that for every retail breach we hear about, hundreds more are falling through the cracks.

While I’m not surprised by the influx of retail breaches, I have been wondering why retail seems to be the most prevalent target in 2014. Is it media hype or is the industry purposely under attack? Russ Spitler, VP of Product Management at AlienVault, answered that question for me. Yes, he said, the retail industry is being targeted more than ever for a couple of reasons. First, the industry still doesn’t take security as seriously as it should and the hackers are exploiting it, while at the same time, other industries, like banks, have taken steps to improve security. Second, point-of-sale systems originally designed and built years ago are easy places to grab a foothold. Spitler went on to tell me in an email:

Hackers are focusing on retailers because 'that is where the money is' - it is the easiest target with the greatest reward. These criminals are doing the cost analysis of the investment they need to make to breach a target and what they are going to get in return. We have just seen reports of incredibly sophisticated attacks against major Wall Street banks - customized malware and long campaigns - if that is what it takes to break into a bank, no wonder the bigger breaches are focusing on the less sophisticated targets with just as large an economic potential.

These are steps in the right direction. But we’ll continue to have the weekly (or now almost daily) announcement of a new retail breach until the industry as a whole takes security a lot more seriously.

Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba
